Judges warn firms that they need data protection insurance

Court of Appeal judges have told employers to take out insurance against the risk of rogue employers stealing personal data.

Morrisons, the supermarket chain, lost their case at the court despite claiming the company had done nothing wrong and was a victim of the theft of personal data relating to around 100,000 staff.

The data was copied by a disgruntled employee in the IT department without permission and later sent to newspapers and published on the internet.

The information included names, addresses, bank and salary details.

The employee was jailed for eight years for the data theft.

Cover needed for internal data breaches

The company is contesting that it should have to compensate 5,500 staff who have brought a class action claiming damages for the criminal act of a single employee.

Compensation has not yet been set, but Morrisons is thought to have spent £2 million on legal fees already. The concern is the remaining 95,000 employees may pursue claims if their colleagues win compensation.

The High Court ruled against the claim from Morrisons. The supermarket appealed, but the Court of Appeal agreed with the High Court ruling and dismissed the claim.

The company is now planning to take the case to the Supreme Court.

The High Court explained that although there was no reason to distrust the employee with data, the company had no procedures in place to safeguard the data from misuse.

Judges at the Court of Appeal commented that although the ruling opened companies to claims for incidents that were beyond their control it was up to employers to insure against the risk.

Data security is vital for businesses

More data breach claims are expected as the victims do not have to show they suffered a loss under data protection laws, just that the incident led to distress.